Just a few days after Google fixed a comparable security flaw in Chrome that was inactive as a zero-day, Mozilla has released changes to fix it.
CVE-2025-2857, a security risk, has been described as a situation of an invalid handle that could cause a sandbox escape.
” Various Firefox developers identified a similar pattern in our IPC]inter-process communication ] code following the recent Chrome sandbox escape ( CVE-2025-2783 ),” according to a Mozilla advisory.
A damaged child process could result in the parent process returning an unknowingly powerful handle that would lead to a sandbox escape.
The issue that affects Firefox and Firefox ESR has been fixed in Firefox 136.0.4, Firefox ESR 115.21.1, and Firefox ESR 128.8.1. No proof exists that CVE-2025-2857 has been a wild abused.
The development comes as Google Chrome edition 134.0.6998.177/. CVE-2025-2783, which has been exploited in the wild as part of assaults aimed at government agencies, academic institutions, and media sources in Russia, has been fixed by Windows version 178.
Kaspersky, which discovered the exercise in mid-March 2025, claimed the disease took place after unnamed victims clicked a specially designed link in phishing emails, and the attacker-controlled website was accessed using Chrome.
CVE-2025-2783 is said to have been chained together with another unidentified exploit in the web browser to circumvent the walls of the playground and execute remote code. Nonetheless, patching the spider effectively blocks the whole attack chain.
The Known Exploited Vulnerabilities ( ) catalog, which requires federal agencies to apply the necessary mitigations by April 17, 2025, has since been updated by the U.S. Cybersecurity and Infrastructure Security Agency ( CISA ).
People are advised to regularly update their browsers to the most recent variants to protect against potential risks.